pysslscan icon indicating copy to clipboard operation
pysslscan copied to clipboard

Published 20 hours ago verified publisher icon DinoTools

Enumerate supported DH parameters

Open tyll opened this issue 11 years ago • 1 comments
trafficstars

The ServerKeyExchange message contains details about the DH parameters. It should be checked that it is complex enough.

tyll avatar Sep 22 '14 19:09 tyll

The next version of FlexTLS can decode ServerKeyExchange messages. But at the moment I'm not sure how to check if the DH parameters are complex enough.

It's possible to extract three values from ServerDHParams.

  • dh_p - The prime modulus used for the Diffie-Hellman operation.
  • dh_g - The generator used for the Diffie-Hellman operation.
  • dh_Ys - The server's Diffie-Hellman public value (g^X mod p).

phibos avatar Mar 04 '15 16:03 phibos